Widespread phone-based wiretapping has become the norm in the U.S., sneaked by legislators by information-hungry agencies using national security as a shield against civil liberty infringements. Now there's news the government wants to expand tapping powers to the Net too.
A report in the New York Times purports to blow the lid on plans by federal officials to push for new legislation that will require "all services that enable communications" to be tappable, including encrypted mobile email systems like BlackBerry's and social networking sites and VoIP services like Skype.
The FBI's general counsel Valerie Caproni is quoted in defense of the plans, noting it's all about "lawfully authorized intercepts" and that the moves aren't about "expanding authority. We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security." But if you read her words carefully, they're a fine example of political rhetoric. "Lawfully authorized" seems an okay phrase, but that means the authorities get to decide what's lawful--whatever it may be. And if these moves aren't about expanding authority, then why make them at all? Why not stick with simple phone taps?
And there are other concerns--the demands are to increase tapping powers of the Net for U.S. security reasons, but the Net is unlike the phone network, which requires centralized communications hubs. The Net is distributed, which gives it part of its great resilience to damage, and due to the nature of its design lots of non-U.S. traffic flows through U.S. Net infrastructure. In other words, the moves could increase the risk of damage to the Net thanks to virus writers and simultaneously allow U.S. authorities to snoop on traffic belonging to citizens of other nations without requiring any pesky diplomacy.
One other thing to think about is how this may affect the providers that "enable communications." Firstly, the scope of who these people are is important: Are we talking cell phone network operators, or every ISP--since most mobile devices can hop on to available wireless Net access points? Is Apple implied in the plans, because its FaceTime app enables face-to-face communications that could let nefarious types communicate messages that couldn't otherwise be spied on? Will Google comply with requests to enable decrypted-snooping on Google Voice calls?
The thought of Google's involvement in this situation is particularly odd, given how bullish the company was being about human rights abuses in China and its provision of uncensored Net access--with Chinese authorities heavily implicated in hack attacks to get data on dissident voices inside China who were using Google to communicate. Should Google comply with equally morally gray requests from the authorities of its home country, or does it in fact have the sheer might (backed by billions of dollars and the might of its role in dominating Net tech) to stand up to the U.S. government?
There's another angle to these snooping requests that could prove particularly thorny, and it is, as ever, about the money, and the question whether it's going to cost companies to comply with the new law. For some firms, it will require tweaks and engineering changes for sure--possibly on a rolling basis, as particular spying requests come from the authorities. These changes, be they physical or in terms of re-writing code, will definitely cost. Will the companies be liable for these costs? If so, it could prove a fiscal problem for smaller firms. They may be able to apply for financial compensation, and indeed the government may have to fork out cash to pay for certain of these requests, maybe even every time they need to snoop. This compensation cash has to come from somewhere ... and because the federal government is funded by federal dollars, this means the money will come from the taxpayer. Is the U.S. citizenry happy to pay more tax dollars in order to allow its own government to spy on its own people rather than paying for more health care?
As you can see, the implications of this type of legislation move far beyond the simple civil liberties domain, and that's with just the first pass of thinking about the issues. If you add in the diplomatic concerns of U.S. allies about the sanctity of their data passing through the U.S.'s network, then things get even more tricky.
Image via Tony Atkin.
To keep up with this news, follow me, Kit Eaton, on Twitter.